A hybrid deep learning-based intrusion detection system for IoT networks

Noor Wali Khan; Mohammed S. Alshehri; Muazzam A Khan; Sultan Almakdi; Naghmeh Moradpoor; Abdulwahab Alazeb; Safi Ullah; Naila Naz; Jawad Ahmad; Noor Wali Khan; Mohammed S. Alshehri; Muazzam A Khan; Sultan Almakdi; Naghmeh Moradpoor; Abdulwahab Alazeb; Safi Ullah; Naila Naz; Jawad Ahmad

doi:10.3934/mbe.2023602

Mathematical Biosciences and Engineering

2023, Volume 20, Issue 8: 13491-13520. doi: 10.3934/mbe.2023602

Previous Article Next Article

Research article

A hybrid deep learning-based intrusion detection system for IoT networks

1.
Department of Computer Science, Quaid-i-Azam University, Islamabad 44000, Pakistan
2.
Department of Computer Science, College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia
3.
ICESCO Chair Big Data Analytics and Edge Computing, Quaid-i-Azam University, Islamabad 44000, Pakistan
4.
School of Computing, Engineering & The Built Environment, Edinburgh Napier University, Edinburgh EH10 5DT, UK

Academic Editor: Danilo Pelusi

Received: 12 April 2023 Revised: 03 May 2023 Accepted: 21 May 2023 Published: 13 June 2023

The Internet of Things (IoT) is a rapidly evolving technology with a wide range of potential applications, but the security of IoT networks remains a major concern. The existing system needs improvement in detecting intrusions in IoT networks. Several researchers have focused on intrusion detection systems (IDS) that address only one layer of the three-layered IoT architecture, which limits their effectiveness in detecting attacks across the entire network. To address these limitations, this paper proposes an intelligent IDS for IoT networks based on deep learning algorithms. The proposed model consists of a recurrent neural network and gated recurrent units (RNN-GRU), which can classify attacks across the physical, network, and application layers. The proposed model is trained and tested using the ToN-IoT dataset, specifically collected for a three-layered IoT system, and includes new types of attacks compared to other publicly available datasets. The performance analysis of the proposed model was carried out by a number of evaluation metrics such as accuracy, precision, recall, and F1-measure. Two optimization techniques, Adam and Adamax, were applied in the evaluation process of the model, and the Adam performance was found to be optimal. Moreover, the proposed model was compared with various advanced deep learning (DL) and traditional machine learning (ML) techniques. The results show that the proposed system achieves an accuracy of 99% for network flow datasets and 98% for application layer datasets, demonstrating its superiority over previous IDS models.
- IoT,
- intrusion detection,
- deep learning,
- machine learnnig,
- cyberattacks
Citation: Noor Wali Khan, Mohammed S. Alshehri, Muazzam A Khan, Sultan Almakdi, Naghmeh Moradpoor, Abdulwahab Alazeb, Safi Ullah, Naila Naz, Jawad Ahmad. A hybrid deep learning-based intrusion detection system for IoT networks[J]. Mathematical Biosciences and Engineering, 2023, 20(8): 13491-13520. doi: 10.3934/mbe.2023602

Related Papers:

Abstract

The Internet of Things (IoT) is a rapidly evolving technology with a wide range of potential applications, but the security of IoT networks remains a major concern. The existing system needs improvement in detecting intrusions in IoT networks. Several researchers have focused on intrusion detection systems (IDS) that address only one layer of the three-layered IoT architecture, which limits their effectiveness in detecting attacks across the entire network. To address these limitations, this paper proposes an intelligent IDS for IoT networks based on deep learning algorithms. The proposed model consists of a recurrent neural network and gated recurrent units (RNN-GRU), which can classify attacks across the physical, network, and application layers. The proposed model is trained and tested using the ToN-IoT dataset, specifically collected for a three-layered IoT system, and includes new types of attacks compared to other publicly available datasets. The performance analysis of the proposed model was carried out by a number of evaluation metrics such as accuracy, precision, recall, and F1-measure. Two optimization techniques, Adam and Adamax, were applied in the evaluation process of the model, and the Adam performance was found to be optimal. Moreover, the proposed model was compared with various advanced deep learning (DL) and traditional machine learning (ML) techniques. The results show that the proposed system achieves an accuracy of 99% for network flow datasets and 98% for application layer datasets, demonstrating its superiority over previous IDS models.

References

[1]	K. Elgazzar, H. Khalil, T. Alghamdi, A. Badr, G. Abdelkader, A. Elewah, et al., Revisiting the internet of things: New trends, opportunities and grand challenges, Front. Internet Things, 1 (2022), 1–7. https://doi.org/10.3389/friot.2022.1073780 doi: 10.3389/friot.2022.1073780
[2]	V. Terzieva, S. Ilchev, K. Todorova, The role of Internet of Things in smart education, IFAC-PapersOnLine, 55 (2022), 108–113. https://doi.org/10.1016/j.ifacol.2022.08.057 doi: 10.1016/j.ifacol.2022.08.057
[3]	S. Tanwar, N. Gupta, C. Iwendi, K. Kumar, M. Alenezi, Next generation IoT and blockchain integration, J. Sens., 2022 (2022). https://doi.org/10.1155/2022/9077348
[4]	L. K. Ramasamy, F. Khan, M. Shah, B. Prasad, C. Iwendi, C. Biamba, Secure smart wearable computing through artificial intelligence-enabled internet of things and cyber-physical systems for health monitoring, Sensors, 22 (2022), 1076. https://doi.org/10.3390/s22031076 doi: 10.3390/s22031076
[5]	Y. Cao, S. Miraba, S. Rafiei, A. Ghabussi, F. Bokaei, S. Baharom, et al., Economic application of structural health monitoring and internet of things in efficiency of building information modeling, Smart Struct. Syst., 26 (2020), 559–573. https://doi.org/10.12989/sss.2020.26.5.559 doi: 10.12989/sss.2020.26.5.559
[6]	C. Iwendi, G. Wang, Combined power generation and electricity storage device using deep learning and internet of things technologies, Energy Rep., 8 (2022), 5016–5025. https://doi.org/10.1016/j.egyr.2022.02.304 doi: 10.1016/j.egyr.2022.02.304
[7]	M. Khan, M. Khattk, S. Latif, A. Shah, M. Ur Rehman, W. Boulila, et al., Voting classifier-based intrusion detection for IoT networks, in Advances on Smart and Soft Computing, Springer, (2022), 313–328. https://doi.org/10.1007/9789811655593_26
[8]	N. Naz, M. Khan, S. Alsuhibany, M. Diyan, Z. Tan, M. Khan, et al., Ensemble learning-based IDS for sensors telemetry data in IoT networks, Math. Biosci. Eng., 19 (2022), 10550–10580. https://doi.org/10.3934/mbe.2022493 doi: 10.3934/mbe.2022493
[9]	M. A. Razzaq, S. H. Gill, M. A. Qureshi, S. Ullah, Security issues in the Internet of Things (IoT): A comprehensive study, Int. J. Adv. Comput. Sci. Appl., 8 (2017). https://doi.org/10.14569/ijacsa.2017.080650
[10]	G. Joshi, W. Kim, Survey, nomenclature and comparison of reader anti-collision protocols in RFID, IETE Tech. Rev., 25 (2008), 234–243. https://doi.org/10.4103/0256-4602.44659 doi: 10.4103/0256-4602.44659
[11]	S. Al-Qaseemi, H. Almulhim, M. Almulhim, S. Chaudhry, IoT architecture challenges and issues: Lack of standardization, in 2016 Future Technologies Conference (FTC), (2016), 731–738. https://doi.org/10.1109/FTC.2016.7821686
[12]	R. Mahmoud, T. Yousuf, F. Aloul, I. Zualkernan, Internet of things (IoT) security: Current status, challenges and prospective measures, in 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), (2015), 336–341. https://doi.org/10.1109/ICITST.2015.7412116
[13]	V. Kumar, M. Devi, P. Raja, P. Kanmani, S. Velayutham, S. Sengan, et al., Design of peer-to-peer protocol with sensible and secure IoT communication for future internet architecture, Microprocess. Microsyst., 78 (2020), 103216. https://doi.org/10.1016/j.micpro.2020.103216 doi: 10.1016/j.micpro.2020.103216
[14]	K. Tajziehchi, A. Ghabussi, H. Alizadeh, Control and optimization against earthquake by using genetic algorithm, J. Appl. Eng. Sci., 8 (2018), 73–78. https://doi.org/10.2478/JAES-2018-0010 doi: 10.2478/JAES-2018-0010
[15]	M. Wu, T. Lu, F. Ling, J. Sun, H. Du, Research on the architecture of Internet of Things, in 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), (2010), V5-484-V5-487. https://doi.org/10.1109/ICACTE.2010.5579493
[16]	K. Mohamed, IoT physical layer: sensors, actuators, controllers and programming, in The Era of Internet of Things, Springer, (2019), 21–47. https://doi.org/10.1007/978-3-030-18133-8_2
[17]	I. Ahmad, M. Niazy, R. Ziar, S. Khan, Survey on IoT: security threats and applications, J. Rob. Control, 2 (2021), 42–46. https://doi.org/10.18196/jrc.2150 doi: 10.18196/jrc.2150
[18]	G. E. Rodríguez, J. G. Torres, P. Flores, D. E. Benavides, Cross-site scripting (XSS) attacks and mitigation and Blockchain Integration, Comput. Networks, 166 (2020), 106960. https://doi.org/10.1016/j.comnet.2019.106960 doi: 10.1016/j.comnet.2019.106960
[19]	K. Chen, S. Zhang, Z. Li, Y. Zhang, Q. Deng, S. Ray, et al., Internet-of-Things security and vulnerabilities: Taxonomy, challenges, and practice, J. Hardware Syst. Secur., 2 (2018), 97–110. https://doi.org/10.1007/s41635-017-0029-7 doi: 10.1007/s41635-017-0029-7
[20]	B. Thakur, S. Chaudhary, Content sniffing attack detection in client and server side: A survey, Int. J. Adv. Comput. Res., 3 (2013).
[21]	E. Fernandes, J. Jung, A. Prakash, Security analysis of emerging smart home applications, in 2016 IEEE Symposium on Security and Privacy (SP), (2016), 636–654. https://doi.org/10.1109/SP.2016.44
[22]	A. Sastry, S. Sulthana, S. Vagdevi, Security threats in wireless sensor networks in each layer, Int. J. Adv. Comput. Res., 4 (2013), 1657–1661.
[23]	D. Welch, S. Lathrop, Wireless security threat taxonomy, in IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, (2003), 76–83. https://doi.org/10.1109/SMCSIA.2003.1232404
[24]	J. Cho, S. Yeo, S. Kim, Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value, Comput. Commun., 34 (2011), 391–397. https://doi.org/10.1016/j.comcom.2010.02.029 doi: 10.1016/j.comcom.2010.02.029
[25]	A. Mitrokotsa, M. Rieback, A. Tanenbaum, Classification of RFID attacks, in Proceedings of the 2nd International Workshop on RFID Technology-Concepts, Applications, Challenges (ICEIS 2008) - IWRT, SciTePress, 2008. https://doi.org/10.1587/transinf.E93.D.518
[26]	J. Deogirikar, A. Vidhate, Security attacks in IoT: A survey, in 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC), (2017), 32–37. https://doi.org/10.1587/transinf.E93.D.518
[27]	B. Bhati, G. Chugh, F. Al-Turjman, N. Bhati, An improved ensemble based intrusion detection technique using XGBoost, Trans. Emerging Telecommun. Technol., 32 (2021), e4076. https://doi.org/10.1002/ett.4076 doi: 10.1002/ett.4076
[28]	H. Bostani, M. Sheikhan, Hybrid of anomaly-based and specification-based IDS for Internet of Things using unsupervised OPF based on MapReduce approach, Comput. Commun., 98 (2017), 52–71. https://doi.org/10.1016/j.comcom.2016.12.001 doi: 10.1016/j.comcom.2016.12.001
[29]	J. Singh, M. Nene, A survey on machine learning techniques for intrusion detection systems, Int. J. Adv. Res. Comput. Commun. Eng., 2 (2013), 4349–4355.
[30]	Y. Otoum, A. Nayak, As-ids: Anomaly and signature based ids for the internet of things, J. Network Syst. Manage., 29 (2021). https://doi.org/10.1007/s10922-021-09589-6
[31]	M. Ferrag, L. Maglaras, A. Ahmim, M. Derdour, H. Janicke, Rdtids: Rules and decision tree-based intrusion detection system for internet-of-things networks, Future Internet, 12 (2020). https://doi.org/10.3390/fi12030044
[32]	Sharipuddin, B. Purnama, Kurniabudi, E. A. Winanto, D. Stiawan, D. Hanapi, et al., Features extraction on IoT intrusion detection system using principal components analysis (PCA), in 2020 7th International Conference on Electrical Engineering, Computer Sciences and Informatics (EECSI), (2020), 114–118. https://doi.org/10.23919/EECSI50503.2020.9251292
[33]	A. Hussein, P. Falcarin, A. Sadiq, Enhancement performance of random forest algorithm via one hot encoding for IoT IDS, Periodicals Eng. Nat. Sci., 9 (2021), 579–591. http://dx.doi.org/10.21533/pen.v9i3.2204 doi: 10.21533/pen.v9i3.2204
[34]	T. Saranya, S. Sridevi, C. Deisy, T. D. Chung, M. K. A. Khan, Performance analysis of machine learning algorithms in intrusion detection system: a review, Procedia Comput. Sci., 171 (2020), 1251–1260. https://doi.org/10.1016/j.procs.2020.04.133 doi: 10.1016/j.procs.2020.04.133
[35]	D. Zheng, Z. Hong, N. Wang, P. Chen, An improved LDA-based ELM classification for intrusion detection algorithm in IoT application, Sensors, 20 (2020), 1706. https://doi.org/10.3390/s20061706 doi: 10.3390/s20061706
[36]	J. Vitorino, R. Andrade, I. Praca, O. Sousa, E. Maia, A comparative analysis of machine learning techniques for iot intrusion detection, arXiv preprint, (2022), arXiv: 2111.13149. https://doi.org/10.48550/arXiv.2111.13149
[37]	A. Verma, V. Ranga, Machine Learning intrusion detection systems for IoT applications, Wireless Pers. Commun., 111 (2020), 2287–2310. https://doi.org/10.1007/s11277-019-06986-8 doi: 10.1007/s11277-019-06986-8
[38]	X. Kan, Y. Fan, Z. Fang, L. Cao, N. Xiong, D. Yang, et al., A novel IoT network intrusion detection approach based on adaptive particle swarm optimization convolutional neural network, Inf. Sci., 568 (2021), 147–162. https://doi.org/10.1016/j.ins.2021.03.060 doi: 10.1016/j.ins.2021.03.060
[39]	A. Banaamah, I. Ahmad, Intrusion Detection in IoT Using Deep Learning, Sensors, 22 (2022), 8417. https://doi.org/10.3390/s22218417 doi: 10.3390/s22218417
[40]	M. Almiani, A. AbuGhazleh, A. Al-Rahayfeh, S. Atiewi, A. Razaque, Deep recurrent neural network for IoT intrusion detection system, Simul. Modell. Pract. Theory, 101 (2020), 102031. https://doi.org/10.1016/j.simpat.2019.102031 doi: 10.1016/j.simpat.2019.102031
[41]	I. Ullah, Q. Mahmoud, Design and development of RNN anomaly detection model for IoT networks, IEEE Access, 10 (2022), 62722–62750. https://doi.org/10.1109/ACCESS.2022.3176317 doi: 10.1109/ACCESS.2022.3176317
[42]	S. Park, H. Park, Y. J. Choi, RNN-based prediction for network intrusion detection, in 2020 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), (2020), 572–574. https://doi.org/10.1109/ICAIIC48513.2020.9065249
[43]	S. M. Kasongo, A deep learning technique for intrusion detection system using a Recurrent Neural Networks based framework, Comput. Commun., 199 (2023), 113–125. https://doi.org/10.1016/j.comcom.2022.12.010 doi: 10.1016/j.comcom.2022.12.010
[44]	X. Wang, X. Lu, A host-based anomaly detection framework using XGBoost and LSTM for IoT devices, Wireless Commun. Mobile Comput., 2020 (2020), 1251–1260. https://doi.org/10.1155/2020/8838571 doi: 10.1155/2020/8838571
[45]	S. Ullah, M. A. Khan, J. Ahmad, S. Jamal, Z. Huma, M. T. Hassan, et al., HDL-IDS: a hybrid deep learning architecture for intrusion detection in the Internet of Vehicle, Sensors, 22 (2022), 1340. https://doi.org/10.3390/s22041340 doi: 10.3390/s22041340
[46]	K. Tajziehchi, A. Ghabussi, H. Alizadeh, Control and optimization against earthquake by using genetic algorithm, J. Appl. Eng. Sci., 8 (2018), 73–78. https://doi.org/10.2478/jaes-2018-0010 doi: 10.2478/jaes-2018-0010
[47]	X. Ma, L. Foong, A. Morasaei, A. Ghabussi, Z. Lyu, Swarm-based hybridizations of neural network for predicting the concrete strength, Smart Struct. Syst., 26 (2020), 241–251. https://doi.org/10.12989/sss.2020.26.2.241 doi: 10.12989/sss.2020.26.2.241
[48]	A. Chawla, B. Lee, S. Fallon, P. Jacob, Host based intrusion detection system with combined CNN/RNN model, in Joint European Conference on Machine Learning and Knowledge Discovery in Databases, Springer, (2018), 149–158. https://doi.org/10.1007/978-3-030-13453-2_12
[49]	S. Bini, Artificial intelligence, machine learning, deep learning, and cognitive computing: what do these terms mean and how will they impact health care, J. Arthroplasty, 33 (2018), 2358–2361. https://doi.org/10.1016/j.arth.2018.02.067 doi: 10.1016/j.arth.2018.02.067
[50]	A. Arko, S. Khan, A. Preety, M. Biswas, Anomaly Detection In IoT Using Machine Learning Algorithms, Thesis, Brac University, 2019. http://hdl.handle.net/10361/12776
[51]	T. Ghazal, M. Hasan, M. Alshurideh, H. Alzoubi, M. Ahmad, S. AKbar, et al., IoT for smart cities: Machine learning approaches in smart healthcare—A review, Future Internet, 13 (2021), 218. https://doi.org/10.3390/fi13080218 doi: 10.3390/fi13080218
[52]	O. Brun, Y. Yin, E. Gelenbe, Deep learning with dense random neural networks for detecting attacks against IoT-connected home environments, Procedia Comput. Sci., 134 (2018), 458–463. https://doi.org/10.1016/j.procs.2018.07.183 doi: 10.1016/j.procs.2018.07.183
[53]	S. Ullah, J. Ahmad, M. Khan, E. Alkhammash, M. Hadjouni, Y. Ghadi, et al., A new intrusion detection system for the Internet of Things via deep convolutional neural network and feature engineering, Sensors, 22 (2022), 3607. https://doi.org/10.3390/s22103607 doi: 10.3390/s22103607
[54]	Y. Otoum, D. Liu, A. Nayak, DL-IDS: a deep learning–based intrusion detection framework for securing IoT, Trans. Emerging Telecommun. Technol., Wiley Online Library, 33 (2022). https://doi.org/10.1002/ett.3803
[55]	R. H. Mohamed, F. A. Mosa, R. A. Sadek, Efficient intrusion detection system for IoT environment, Int. J. Adv. Comput. Sci. Appl., 13 (2022). https://doi.org/10.14569/IJACSA.2022.0130467
[56]	Y. Yang, L. Wu, G. Yin, L. Li, H. Zhao, A survey on security and privacy issues in Internet-of-Things, IEEE Internet Things J., 4 (2017), 1250–1258. https://doi.org/10.1109/JIOT.2017.2694844 doi: 10.1109/JIOT.2017.2694844
[57]	T. Ariffin, S. Abdullah, F. Fauzi, M. Z. Murah, IoT attacks and mitigation plan: A preliminary study with Machine Learning Algorithms, in 2022 International Conference on Business Analytics for Technology and Security (ICBATS), (2022), 1–6. https://doi.org/10.1109/ICBATS54253.2022.9758933
[58]	W. W. Lo, S. Layeghy, M. Sarhan, M. Gallagher, M. Portmann, E-graphsage: A graph neural network based intrusion detection system for iot, in NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, (2022), 1–9. https://doi.org/10.1109/NOMS54207.2022.9789878
[59]	M. Sarhan, S. Layeghy, N. Moustafa, M. Gallagher, M. Portmann, Feature extraction for machine learning-based intrusion detection in IoT networks, in press, 2022. https://doi.org/10.1016/j.dcan.2022.08.012
[60]	I. Idrissi, M. Azizi, O. Moussaoui, Accelerating the update of a DL-based IDS for IoT using deep transfer learning, J. Electr. Eng. Comput. Sci., 23 (2021). https://doi.org/10.11591/ijeecs.v23.i2.pp1059-1067
[61]	A. Khraisat, A. Alazab, A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges, Cybersecurity, 4 (2021). https://doi.org/10.1186/s42400-021-00077-7
[62]	A. Alsaedi, N. Moustafa, Z. Tari, A. Mahmood, A. Anwar, TON_IoT telemetry dataset: A new generation dataset of IoT and IIoT for data-driven intrusion detection systems, IEEE Access, 8 (2020), 165130–165150. https://doi.org/10.1109/ACCESS.2020.3022862 doi: 10.1109/ACCESS.2020.3022862
[63]	F. Hilario, A. Luis, S. L{ó}pez, F. Herrera, N. V. Chawla, SMOTE for Learning from imbalanced data: Progress and challenges, marking the 15-year anniversary, J. Artif. Intell. Res., 61 (2018). https://doi.org/10.1613/jair.1.11192
[64]	H. Han, W. Wang, B. Mao, Borderline-SMOTE: a new over-sampling method in imbalanced data sets learning, in International Conference on Intelligent Computing, Springer, (2005), 878–887.
[65]	S. G. K. Patro, K. K. Sahu, Normalization: A preprocessing stage, arXiv preprint, (2015), arXiv: 1503.06462. https://doi.org/10.48550/arXiv.1503.06462
[66]	A. Bahri, Y. Li, On a min-max procedure for the existence of a positive solution for certain scalar field equations in RN, Rev. Mat. Iberoam., 6 (1990), 1–15. https://doi.org/10.4171/RMI/92 doi: 10.4171/RMI/92

Reader Comments

Your name:*

Email:*
© 2023 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)